<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<TITLE>
Structural Parameters
</TITLE>
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>Structural Parameters</H1>
<p>
Structural parameters are a type of <a href="structmods.html">Structural Modifier</a>
which identify parameters that represent application structure instead of user data.<br>
<p>
In 'traditional' web applications the structure of the application is typically defined by the URL paths
and the data is contained in the URL parameters and POST data.<br>
URLs like:
<ul>
<li>https://www.example.com/app/aaa?ddd=eee
<li>https://www.example.com/app/aaa?ddd=fff
<li>https://www.example.com/app/aaa?ddd=ggg
</ul>
are represented in the <a href="../../ui/tabs/sites.html">Sites tab</a> as one 'node' in the tree:
<ul>
<li>Sites
	<ul>
	<li>https://www.example.com
		<ul>
		<li>app
			<ul>
			<li>GET:aaa(ddd)
			</ul>
		</ul>
	</ul>
</ul>
The Sites tree is very important as it reflects ZAP's understanding of the application structure.<br>
If it is not a good representation of the structure then ZAP will not be able to attack the application effectively.<br>
<br>
In 'single' page applications a parameter is used to indicate the logical 'page':
<ul>
<li>https://www.example.com/app/aaa?page=p1&amp;ddd=eee
<li>https://www.example.com/app/aaa?page=p2&amp;ddd=fff
<li>https://www.example.com/app/aaa?page=p3&amp;ddd=ggg
</ul>
these 3 URLs represent different logical pages, but by default ZAP will still represent them as one node:
<ul>
<li>Sites
	<ul>
	<li>https://www.example.com
		<ul>
		<li>app
			<ul>
			<li>GET:aaa(ddd,page)
			</ul>
		</ul>
	</ul>
</ul>
This is a problem because ZAP will now not attack all of the application's functionality.<br>
<br>
In ZAP terms the 'page' URL parameter is a 'structural parameter' - a parameter that defines part of the application structure.<br>
You can define structural parameters by adding the application to a <a href="contexts.html">Context</a>
and then configuring them via the <a href="../../ui/dialogs/session/context-struct.html">Session Context Structure screen</a>.<br>
Once you have done this the pages will be correctly represented as 3 nodes:
<ul>
<li>Sites
	<ul>
	<li>https://www.example.com
		<ul>
		<li>app
			<ul>
			<li>aaa
				<ul>
				<li>GET:p1(ddd,page)
				<li>GET:p2(ddd,page)
				<li>GET:p3(ddd,page)
				</ul>
			</ul>
		</ul>
	</ul>
</ul>

<H2>Accessed via</H2>
<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="../../ui/dialogs/session/context-struct.html">Session Context Structure screen</a></td></tr>
</table>

<H2>See also</H2>
<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="../../ui/overview.html">UI Overview</a></td><td>for an overview of the user interface</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="concepts.html">Features</a></td><td>provided by ZAP</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="structmods.html">Structural Modifiers</a></td><td>controls which change how ZAP represents the structure of the application</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="ddc.html">Data Driven Content</a></td><td>which identify URL paths that represent data</td></tr>
</table>

</BODY>
</HTML>
